Merge branch 'raise-on-unfiltered-params' into 'master'

Set ActionController raise_on_unfiltered_parameters to true

See merge request gitlab-org/gitlab-ce!24443

2 files changed, 3 insertions, 2 deletions

diff --git a/config/application.rb b/config/application.rb
index 349c7258852..92a3d031c63 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -162,6 +162,9 @@ module Gitlab
 
     config.action_view.sanitized_allowed_protocols = %w(smb)
 
+    # Can be removed once upgraded to Rails 5.1 or higher
+    config.action_controller.raise_on_unfiltered_parameters = true
+
     # Nokogiri is significantly faster and uses less memory than REXML
     ActiveSupport::XmlMini.backend = 'Nokogiri'
 
diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb
index a1e0667bc6f..115ee08dbb6 100644
--- a/config/initializers/new_framework_defaults.rb
+++ b/config/initializers/new_framework_defaults.rb
@@ -8,8 +8,6 @@
 #
 # Read the Guide for Upgrading Ruby on Rails for more info on each option.
 
-Rails.application.config.action_controller.raise_on_unfiltered_parameters = true
-
 # Enable per-form CSRF tokens. Previous versions had false.
 Rails.application.config.action_controller.per_form_csrf_tokens = false